CLAIMS

1. (cancelled) 

2. (currently amended) [[The]] A network configuration entity of claim 1 further comprising a
memory for storing an NCE list, said NCE list comprising an indication of each device in
[[the]] a secure network that may operate as said network configuration entity.

3-4. (cancelled) 

5. (currently amended) The network configuration entity of claim [[4]]2 further comprising 
a memory for storing a DCC list, said DCC list associated with said one or more rules for 
interaction between and among devices in the secure network and comprising definitions 
that logically bind a port on the network configuration entity[[,]] to one or more other 
ports resident in the secure network. 

6. (cancelled) 

7. (currently amended) The network configuration entity of claim [[6]]5 wherein said ports are
identified by a unique number.

8. (previously presented) The network configuration entity of claim 7 wherein said unique 
number is a world-wide-name. 

9. (cancelled) 

10. (currently amended) The network configuration entity of claim [[9]]2 further comprising a
memory for storing [[an]] a MAC list, said MAC list comprising an indication of network
endpoints from which management access is [[acceptable]] permitted.

11. (currently amended) The network configuration entity of claim [[9]]10 wherein said
network endpoints [[comprise]] are indicated by IP addresses.

12. (previously presented) The network configuration entity of claim 11 wherein said IP
addresses are associated with access from SNMP or Telnet or HTTP or API.

13. (currently amended) The network configuration entity of claim [[9]]10 wherein said
network endpoints [[comprise]] are uniquely indicated by identified device ports.

14. (currently amended) The network configuration entity of claim 10 wherein said
network endpoints comprise uniquely identified devices resident in said secure network.

15. (cancelled) 

16. (currently amended) The network configuration entity of claim 2 further comprising a
memory for storing an SCC list, said SCC list associated with said switch connection
controls and comprising a list of devices authorized to participate in said secure network.

17. (currently amended) A network configuration entity configured or adapted to exclusively
control a defined set of management functions throughout a secure network, said secure
network comprising a plurality of switching devices, said set of management functions
comprising (i) the recognition, operation and succession of the network configuration
entity, (ii) switch connection controls for designating devices to participate in the secure
network, (iii) device connection controls that indicate port relationships in said secure
network, and (iv) management access controls that restrict management services to a
defined set of endpoints, said network configuration entity comprising:

a processor; and

a memory for storing

an NCE list, said NCE list comprising an indication of each device in the network
that may operate as said network configuration entity,

an SCC list, said SCC list comprising an indication of each device allowed to
participate in said secure network,

a DCC list, said DCC list associated with said one or more rules for interaction
between and among devices and comprising definitions that logically bind a port
on the network configuration entity, to one or more other ports resident in the
secure network, and,

a MAC list, said MAC list comprising an indication of network endpoints from
which management access is acceptable.

18. (cancelled) 

19. (currently amended) A Fibre Channel switching device configured or adapted to operate
in a secure network wherein a defined set of management functions is controlled
throughout said secure network by a network configuration entity, said secure network
comprising a plurality of switching devices, said set of management functions comprising

switch connection controls for designating devices to participate in the secure network,
said Fibre Channel switching device comprising:

a processor; and

a memory for storing

a list of entities eligible to be a primary network configuration entity, wherein
the primary network configuration entity has exclusive control of one or
more security functions, one of the entities on said list being a default
primary configuration entity and identifiable as such by a pre-defined
rule an NCE list, said NCE list associated with said recognition, operation
and succession of the network configuration entity and comprising an
indication of each device in the network that may operate as said network
configuration entity, and

a network configuration policy set, said network configuration policy set
comprising.

zoning information defining members of the logical zones in said
physical network, and

fabric segmentation information defining management procedures to
be implemented in the event that said network switch becomes a
member of a segmented portion of the network an SCC list, said



Application No. 10/066,251 

Amendment Dated: December 22, 2009 

Response to Office Action Mailed September 30, 2009 



Page 5 of 10 



SCC list associated with said switch connection controls and
comprising an indication of each device allowed to participate in
said secure network.

20. (cancelled) 

21. (currently amended) A Fibre Channel switching device configured or adapted to operate
in a secure network wherein a defined set of management functions is controlled
throughout said secure network by a network configuration entity, said secure network
comprising a plurality of switching devices, said set of management functions comprising
(i) the recognition, operation and succession of the network configuration entity, and (ii)
management access controls that restrict management services to a defined set of

a processor; and

a memory for storing

a list of entities eligible to be a primary network configuration entity, wherein
the primary network configuration entity has exclusive control of one or
more security functions, one of the entities on said list being a default
primary configuration entity and identifiable as such by a pre-defined
rule an NCE list, said NCE list associated with said recognition, operation
and succession of the network configuration entity and comprising an
indication of each device in the network that may operate as said network
configuration entity, and

MAC policies, said MAC policies defining logical channels from which a
pre-defined set of security or management operations may originate a MAC
list, said MAC list associated with said management access controls and
comprising an indication of network endpoints from which management
access is acceptable.



22-53. (cancelled)

54. (currently amended) A method of securing a network having a Fibre Channel switching
device configured or adapted to operate in a secure network wherein a defined set of
management function is controlled throughout said secure network by a network
configuration entity, said method comprising the steps of:

controlling the recognition, operation and succession of the network configuration
entity by designating an NCE list comprising an indication of each device in the
network that may operate as said network configuration entity;

designating a unique name for each devices that may participate in the secure
network;

indicating port relationships in said secure network to specifically delineate a list of
unique names for ports that any given port may communicate with; and

restricting management access to a pre-defined set of access methods.

55. (new) The network configuration entity of claim 17 wherein the network configuration 
entity is a switching device. 

56. (new) The network switch of claim 19 further wherein the memory further stores MAC
policies, said MAC policies defining logical channels from which a pre-defined set of
security or management operations may originate.

57. (new) The network switch of claim 19 wherein the one or more security functions 
comprise specifying devices that may facilitate management-level access to the network. 

58. (new) The network switch of claim 19 wherein the one or more security functions 
comprise providing confidentiality or information security for management information 
being passed over the network. 

59. (new) The network switch of claim 19 wherein the one or more security functions 
comprise limiting use of logical management access channels. 

60. (new) The network switch of claim 19 wherein the one or more security functions
comprise specifying what devices or entities are allowed in the network.

61. (new) The network switch of claim 19 wherein the one or more security functions
comprise specifying what entities are allowed to access what other entities in the
network.

62. (new) The network switch of claim 19 wherein each entity on the list of entities eligible 
to be a primary network configuration entity is assigned a level in an authority hierarchy. 

63. (new) The network switch of claim 62 wherein only one entity on the list of entities 
eligible to be a primary network configuration entity is assigned to the highest level of 
the authority hierarchy. 

64. (new) The network switch of claim 62 wherein entities assigned to lower levels of the 
authority hierarchy have exclusive control of only a subset of the one or more security 
functions. 

65. (new) The network switch of claim 21 wherein the one or more security functions 
comprise specifying devices that may facilitate management-level access to the network. 

66. (new) The network switch of claim 21 wherein the one or more security functions 
comprise providing confidentiality or information security for management information 
being passed over the network. 

67. (new) The network switch of claim 21 wherein the one or more security functions
comprise limiting use of logical management access channels.

68. (new) The network switch of claim 21 wherein the one or more security functions 
comprise specifying what devices or entities are allowed in the network. 

69. (new) The network switch of claim 21 wherein the one or more security functions
comprise specifying what entities are allowed to access what other entities in the
network.

70. (new) The network switch of claim 21 wherein each entity on the list of entities eligible
to be a primary network configuration entity is assigned a level in an authority hierarchy.

71. (new) The network switch of claim 21 wherein only one entity on the list of entities 
eligible to be a primary network configuration entity is assigned to the highest level of 
the authority hierarchy. 

72. (new) The network switch of claim 21 wherein entities assigned to lower levels of the 
authority hierarchy have exclusive control of only a subset of the one or more security 
functions. 



